Privacy, Security, Compliance

Do 75% of data breaches really come from “insiders”?

There’s a lot of information out there on data breaches. I’ve written before about one source that I trust — the Verizon Data Breach Report (DBIR). The 2018 DBIR studied a sample of 2,216 confirmed data breaches, and of these it found that 28% involved internal actors. The DBIR uses a publicly accessible database of security incidents, and applies quality filters to data before including it in the report.

Only 28%? I heard that 75% of breaches come from “insiders”

Different studies sample different breaches, so it’s natural that there would be some variance on findings about who is behind breaches. However, I heard about a report where the variance was enough that I wanted to look into it: a presentation at the PASS Summit in 2018 cited a 2017 article which found that three quarters of data breaches came from “insiders.” This figure seems very high to me. Every…

Where do data breaches come from?

I recently did a bit of research on the source of data breaches. In this post, I’ll talk a bit about my current favorite source for breach information, and a bit of what I learned.

Verizon publishes the ‘Data Breach Investigations Report’ annually

The 2018 edition of this free report by Verizon Enterprise Solutions is the 11th edition — they’ve had some practice. The reports are extremely well detailed, and shockingly, they’re even entertaining to read. The reports don’t claim to discover all data breaches. After all, not all data breaches are discovered, and those that are discovered aren’t necessarily reported.

2,216 breaches, analyzed

The 2018 report covers 53,000 incidents, defined as “a security event that compromises the integrity, confidentiality or availability of an information asset”. It also covers 2,216 breaches, which are defined as “an incident that results in the confirmed disclosure — not just potential exposure — of data to…

Automating SQL Local Security Policy Rights: PoSH and NTRights

The Basics on Local Security Policy Rights and SQL Server…

There are a couple of local security policy rights that are not granted by default in SQL Server setup that I’ve been setting manually for a few years now:

- Lock Pages In Memory
  - Allows large page allocation
  - Prevents the SQL Server process from being paged out
- Perform Volume Maintenance Tasks
  - Instant initialization on data files

It’s a fairly click-heavy process to add the permissions for these through the Local Security Policy GUI. I prefer that these permissions be granted to the local security group for SQL Server that’s created in Windows, and that really requires a lot of clicks, unless you can remember and enter a group name like this without any typos:

SQLServerMSSQLUser$servername$MSSQLSERVER
or
SQLServerMSSQLUser$servername$INSTANCENAME

By the way, what is up with using the $ in the group names? If someone can tell me, I would love to know.…